最新版本在:http://jangmt.com/wiki/index.php/Nginx

簡介

說明

安裝 NIGNX 及移除 APACHE

  • 可以移除原有的 httpd 及 php
 yum remove httpd php
  • 安裝 nginx + php-fpm 程式
[root@bk-mail html]# yum -y install nginx php-fpm

Dependencies Resolved

================================================================================================================
Package Arch Version Repository Size
================================================================================================================
Installing:
nginx x86_64 1.0.15-5.el6 epel 397 k
php-fpm x86_64 5.3.3-22.el6 base 1.1 M
Installing for dependencies:
GeoIP x86_64 1.4.8-1.el6 epel 620 k
gd x86_64 2.0.35-11.el6 base 142 k

Transaction Summary
================================================================================================================
Install 4 Package(s)

Total download size: 2.3 M
Installed size: 6.3 M
Downloading Packages:
(1/4): GeoIP-1.4.8-1.el6.x86_64.rpm | 620 kB 00:01 
(2/4): gd-2.0.35-11.el6.x86_64.rpm | 142 kB 00:00 
(3/4): nginx-1.0.15-5.el6.x86_64.rpm | 397 kB 00:00 
(4/4): php-fpm-5.3.3-22.el6.x86_64.rpm | 1.1 MB 00:00 
----------------------------------------------------------------------------------------------------------------
Total 657 kB/s | 2.3 MB 00:03
  • 啟動及驗證 port
[root@bk-mail ~]# /etc/init.d/nginx restart
停止 nginx: [失败]
正在启动 nginx: [确定]
[root@bk-mail ~]# /etc/init.d/php-fpm restart
停止 php-fpm: [失败]
正在启动 php-fpm: [确定]
[root@bk-mail ~]# netstat -tlnup | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5174/nginx 
[root@bk-mail ~]# netstat -tlnup | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 5189/php-fpm
  • 測試:http://localhost

nginx

 

設定開機啟動nginx及php-fpm

chkconfig nginx on

chkconfig --level 234 nginx on

chkconfig php-fpm on

chkconfig --level 234 php-fpm on

 

PHP-FPM 可以工作

  • 設定 PHP-fpm ,讓他可以和 nginx 協同工作,也就是說需要 PHP 時丟給 127.0.0.1:9000 去執行
# 以下這個設定檔是用原本 epel 的範本修改的
[root@bk-mail conf.d]# cat /etc/nginx/conf.d/default.conf 
#
# The default server
#
server {
listen 80 default_server;
server_name _;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
root /usr/share/nginx/html;
index index.html index.htm;
}

error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
}
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
  • 設定的點在這一段,這段原本全部都是註解掉的,因為原本預設只支援 html 靜態網頁。
    location ~ \.php$ {
        # 用系統預設的 /usr/share/nginx/html 目錄即可
        # 請註解底下這一行,這是設定 nginx 的網頁 root 目錄的位置   
        #root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        # 請註解掉底下這一行,他的路徑寫的有問題
        #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        # SCRIPT_FILENAME 指的是 php 的來源程式,套入到後面描述的 $fastcgi_script_name 資源
        # 加入底下這一行,其中 $document_root 是一個變數,會將根目錄帶入底下這一行
 fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
  • 重新啟動 nginx
[root@bk-mail conf.d]# /etc/init.d/nginx restart
停止 nginx: [确定]
正在启动 nginx: [确定]
  • 測試 PHP 可以工作時間並給予一個時間結果 , nginx 的根目錄在 /usr/share/nginx/html/
[root@bk-mail html]# cat /usr/share/nginx/html/index.php
<?php phpinfo(); ?>
  • 可以顯示時間及 phpinfo() 資訊即是正確。
  • 所以這種結果會準嗎?? 這值得討論....

NGINX NAMEBASE虛擬主機

  • nginx 的虛擬主機設定
[root@bk-mail conf.d]# cat tonyhack.asuscomm.com.conf 
# the tonyhack.asuscomm.com
server {
#listen 80;
server_name tonyhack.asuscomm.com;

root /var/www/html;
index index.html index.htm index.php;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}
[root@bk-mail conf.d]# /etc/init.d/nginx restart
停止 nginx: [确定]
正在启动 nginx: [确定]
[root@bk-mail conf.d]# cat /var/www/html/index.php 
<?php phpinfo(); ?>
  • 虛擬主機也可以綁定多域名,如下:
server {
    listen       80;
    server_name tonyhack.asuscomm.com tonyhack.net tonyhack.com tonyhack.org;
    index  index.html index.htm index.php;

 

NGINX 的 SSL

  • 設定檔
[root@bk-mail conf.d]# cat /etc/nginx/conf.d/tonyhack.asuscomm.com.conf 
# the tonyhack.asuscomm.com
server {
#listen 80;
server_name tonyhack.asuscomm.com;

listen 443;
ssl on;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;

root /var/www/html;
index index.html index.htm index.php;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

}
  • 產生憑證 in /etc/nginx/certs 目錄內  請自已加目錄certs
[root@bk-mail certs]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
.....++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@bk-mail certs]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:stnet253
Locality Name (eg, city) [Default City]:taiwan
Organization Name (eg, company) [Default Company Ltd]:asuscomm
Organizational Unit Name (eg, section) []:com
Common Name (eg, your name or your server's hostname) []:tony
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@bk-mail certs]# cp server.key server.key.org

[root@bk-mail certs]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key

[root@bk-mail certs]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=TW/ST=stnet253/L=taiwan/O=asuscomm/OU=com/CN=tony/[email protected]
Getting Private key
[root@bk-mail certs]# ls -ashl
总用量 24K
4.0K drwxr-xr-x. 2 root root 4.0K 6月 23 21:53 .
4.0K drwxr-xr-x. 4 root root 4.0K 6月 23 21:52 ..
4.0K -rw-r--r--. 1 root root 749 6月 23 21:53 server.crt
4.0K -rw-r--r--. 1 root root 631 6月 23 21:53 server.csr
4.0K -rw-r--r--. 1 root root 887 6月 23 21:53 server.key
4.0K -rw-r--r--. 1 root root 963 6月 23 21:53 server.key.org
[root@bk-mail certs]#
  • 重新啟動及測試
[root@bk-mail certs]# /etc/init.d/nginx restart
停止 nginx: [确定]
正在启动 nginx: [确定]
[root@bk-mail certs]# netstat -tlnup | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5771/nginx 
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5771/nginx 
[root@bk-mail certs]#

 

nginx-2

 nginx-1

測試效能

  • 測試工具: ab 指令
  • ab使用範例:
  • 要執行 100 次的 connection, 20 次的 concurrent (並行, 同時):
  • 語法: ab -n 100 -c 20 http://localhost/abc.php
  • 結果解釋:
  • Time taken for tests: 總共執行花了多久的時間.(以上 100 次共多久)
  • Requests per second: 每秒平均可以處理多少個 connection.
  • 內容:index.php
[mtchang@c6 public_html]$ cat index.php 
/home/mtchang/public_html/index.php
  • 內容:index.html
[mtchang@c6 public_html]$ cat index.html 
/home/mtchang/public_html
  • 機器規格描述
[mtchang@c6 ~]$ cat /proc/cpuinfo 
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model  : 58
model name : Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
stepping : 9
cpu MHz  : 1600.000
cache size : 6144 KB
physical id : 0
siblings : 4
core id  : 0
cpu cores : 4
apicid  : 0
initial apicid : 0
fpu  : yes
fpu_exception : yes
cpuid level : 13
wp  : yes
flags  : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts 
acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good
xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm
 pcid sse4_1 sse4_2 popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm ida arat epb xsaveopt 
pln pts dts tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms
bogomips : 6186.06
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

[mtchang@c6 ~]$ free
             total       used       free     shared    buffers     cached
Mem:       3599640    1660092    1939548          0     183164     825952
-/+ buffers/cache:     650976    2948664
Swap:      4194296          0    4194296

[mtchang@c6 ~]$ sudo hdparm -tT /dev/sda5

/dev/sda5:
 Timing cached reads:   24092 MB in  2.00 seconds = 12065.08 MB/sec
 Timing buffered disk reads:  300 MB in  3.00 seconds =  99.94 MB/sec
  • apache 的 ab 做壓力測試的狀況(靜態 html)
[root@lab html]# ab -n 10000 -c 10 http://c6.jangmt.com/index.html
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking c6.jangmt.com (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests

Server Software:        nginx/1.0.15
Server Hostname:        c6.jangmt.com
Server Port:            80

Document Path:          /index.html
Document Length:        3698 bytes

Concurrency Level:      10
Time taken for tests:   3.654708 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      39100212 bytes
HTML transferred:       36980000 bytes
Requests per second:    2736.20 [#/sec] (mean)
Time per request:       3.655 [ms] (mean)
Time per request:       0.365 [ms] (mean, across all concurrent requests)
Transfer rate:          10447.62 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.5      1       3
Processing:     0    1   1.0      2       4
Waiting:        0    1   0.5      1       3
Total:          1    3   0.4      3       6

Percentage of the requests served within a certain time (ms)
  50%      3
  66%      3
  75%      3
  80%      3
  90%      3
  95%      4
  98%      4
  99%      4
 100%      6 (longest request)
  • 用 apache 的 ab 做壓力測試的狀況(此範例為 php 的範例)底下是在沒有 fail 的狀況下的數據。
[root@lab html]# ab -n 10 -c 2 http://c6.jangmt.com/index.php
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking c6.jangmt.com (be patient).....done

Server Software:        nginx/1.0.15
Server Hostname:        c6.jangmt.com
Server Port:            80

Document Path:          /index.php
Document Length:        52564 bytes

Concurrency Level:      2
Time taken for tests:   0.49866 seconds
Complete requests:      10
Failed requests:        0
Write errors:           0
Total transferred:      527110 bytes
HTML transferred:       525640 bytes
Requests per second:    200.54 [#/sec] (mean)
Time per request:       9.973 [ms] (mean)
Time per request:       4.987 [ms] (mean, across all concurrent requests)
Transfer rate:          10307.62 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.6      0       1
Processing:     8    8   1.1      9      10
Waiting:        0    0   0.7      0       1
Total:          9    9   0.3      9      10

Percentage of the requests served within a certain time (ms)
  50%      9
  66%      9
  75%      9
  80%      9
  90%     10
  95%     10
  98%     10
  99%     10
 100%     10 (longest request)
  • 不太精準結論: nignx 有比較好,但是要趕上硬體的差異仍需要很努力....

參考網址:

http://jangmt.com/wiki/index.php/Main_Page

http://blog.jangmt.com/2013/04/centos-64-nginx-php-fpm-ssl-virtualhost.html

By tony

自由軟體愛好者~喜歡不斷的思考各種問題,有新的事物都會想去學習嘗試 做實驗並熱衷研究 沒有所謂頂天的技術 只有謙虛及不斷的學習 精進專業,本站主要以分享系統及網路相關知識、資源而建立。 Github http://stnet253.github.io

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *

這個網站採用 Akismet 服務減少垃圾留言。進一步了解 Akismet 如何處理網站訪客的留言資料